• Advertise
• Search
• Free Magazines
• Newest Links
• Categories
• Register
• Login

Documentation is to Incident Response as an Air Tank is to Scuba Diving

Added by Papergrl

Description: That IP address you just traced may result in a search warrant, an arrest, and court action. Can your documentation justify these actions, and is it ready for scrutiny? Even routine vulnerability scans and bot incidents can have unexpected results. Getting it done right the first time saves effort in the long run, preserves requisite credibility, and can save face, possibly even your job. IP addresses, MAC addresses, room numbers, switch ports, service ports, usernames, real names, LAN administrator ( LAN admin) names, hostnames, domain names, time of offense, time of login, connection types, case ID's, checklists, e-mail addresses, phone numbers, DHCP connections, wireless connections, and dialup connections can form a complex and changing web of interrelated information. How do you keep track of all of this information? This paper attempts to answer that question.